1. Basic Scenario
The basic scenario is that you want to log in directly from one server to another, or copy data from a server to a client without password authentication. In what follows, the server holding the data to be sent is called S and the client server is called C. The simplest way to set up the trust relationship is as follows:
2. Steps
2.1 On S, change to the hidden .ssh directory under the current user's home directory:
cd ~/.ssh
(Note: the leading dot in the directory name marks it as a hidden folder; plain ls does not list it by default, but ls -a does.)
2.2 Generate the private and public key pair on S:
ssh-keygen -t rsa
ssh-keygen generates the key pair used for the trust relationship.
- It prints "Generating public/private rsa key pair." and then asks for the path and file name under which to store the keys; the default is a file such as /home/username/.ssh/id_rsa. There is normally no reason to change it, so just press Enter.
- "Enter passphrase (empty for no passphrase):" is normally answered by pressing Enter directly, so by default no password is required for the key.
- "Enter same passphrase again:" press Enter again.
It then prints the key fingerprint and the randomart box for the RSA key. Running ls in the .ssh directory now shows the generated private key file id_rsa and the public key file id_rsa.pub.
2.3 Load the private key into the ssh agent on S
Still in the .ssh directory, run:
ssh-add id_rsa
If the system prints "Identity added: id_rsa (id_rsa)", the key was loaded successfully.
Here are a few exception cases:
- If prompted "Could not open a connection to your authentication agent", no agent is running; start one with:
ssh-agent bash
and then run the ssh-add id_rsa command above again.
- If prompted "id_rsa: No such file or directory", the system cannot find the private key file id_rsa. Check whether the current directory is really .ssh, or whether the key file was given a different name when it was generated (for example aa_rsa), in which case the ssh-add command has to use that name as well.
- If prompted "command not found", you have mistyped the command.
- If prompted "agent admitted failure to sign using the key", the private key was not loaded successfully; retry ssh-add.
- Note that the id_rsa/id_rsa.pub files must not be deleted; they stay in the .ssh directory.
2.4 Copy the public key from S to C
This is simple, for example: scp id_rsa.pub user@client:~/.ssh (here user and client stand for the account name and address of C)
2.5 Modify the file on the client server
Log in to C with ssh, then append the contents of the public key to the end of the authorized_keys file on C (this file also lives in the hidden .ssh folder; if it does not exist yet it is simply created, which is fine):
cat id_rsa.pub >> ~/.ssh/authorized_keys
Here are a number of supplementary notes you can refer to when you run into problems:
Note 1: Overwriting the file is not recommended. Some tutorials scp id_rsa.pub directly onto the client server's authorized_keys file, which destroys the data of any trust relationships that were set up earlier; appending to the end is the safer way.
Note 2: After the cat command, the id_rsa.pub file that was copied to the client server is no longer needed and can be deleted or moved elsewhere.
Note 3: The ssh-keygen command can set the length of the generated key with the -b parameter; if it is not specified, the default is 1024. With ssh-keygen -b 4096 (up to 4096) the encryption becomes stronger, but generation and validation take longer. For general use the default length is sufficient. For RSA the shortest allowed length is 768.
Note 4: Permissions of the authorized_keys file. If you followed the steps above, are still asked for a password, and see no other error, check the permissions of the authorized_keys file and make the following change: chmod g-w authorized_keys
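Steps 2.4 and 2.5 together with Notes 1 and 4 describe one operation: get the public key into authorized_keys on C without clobbering what is already there, and leave the file with permissions sshd accepts. The following POSIX shell function, an added example that is not part of the original article, does exactly that in a re-runnable way. The function names install_pubkey and count_keys, the directory parameter (so it can be exercised on a scratch directory instead of the real ~/.ssh) and the sample keys in the comments are all my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): install a public key on the
# client server C the way steps 2.4-2.5 describe, but safely:
#   - append, never overwrite authorized_keys (Note 1)
#   - skip keys that are already present, so re-running is harmless
#   - enforce the permissions sshd expects on the directory and file (Note 4)
# The .ssh directory is a parameter so the function can be tried on a
# temporary directory; by default it uses the current user's ~/.ssh.

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Prints "added" or "present"; returns non-zero if no key could be read.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_keys="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Key type and base64 blob identify the key; the trailing comment
    # (user@host) may legitimately differ between copies of the same key,
    # so it is ignored when checking for duplicates. One key per file.
    key_id=$(awk 'NR==1{print $1, $2}' "$pubkey_file")
    [ -n "$key_id" ] || { echo "no key in $pubkey_file" >&2; return 1; }

    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"          # sshd refuses keys in a writable .ssh
    touch "$auth_keys"

    if awk '{print $1, $2}' "$auth_keys" | grep -Fxq -- "$key_id"; then
        echo present
    else
        cat "$pubkey_file" >> "$auth_keys"   # append with >>, never >
        echo added
    fi
    chmod 600 "$auth_keys"        # never group/world writable (Note 4)
}

# count_keys SSH_DIR: number of key lines currently in authorized_keys
count_keys() {
    if [ -f "$1/authorized_keys" ]; then
        grep -c '^ssh-' "$1/authorized_keys" || true
    else
        echo 0
    fi
}

# Typical use on C after step 2.4 copied the file into ~/.ssh:
#   install_pubkey ~/.ssh/id_rsa.pub
```

Running it a second time prints "present" and leaves the file unchanged, which is what makes it safe to put in a provisioning script. The stock ssh-copy-id utility performs the same append-and-chmod sequence over an ssh connection, so on hosts that have it the function is only needed where you want the duplicate check or an offline copy.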
OK, now try to copy a file from S to C; it should go through without any password interaction.
However, transferring data from C to S still requires password authentication. If you need passwordless transfer in both directions, repeat the steps above with the roles of the two servers swapped.
3. Various possible situations and how to handle them
- Prompt "port 22: Connection refused"
Possible cause: the latest openssh-server is not properly installed. Install it as follows:
sudo apt-get install openssh-server
If apt installation is not available, it can be downloaded manually:
wget http://ftp.ssh.com/pub/ssh/ssh-3.2.9.1.tar.gz
- About permission settings for directories and files
The permissions of the .ssh directory must be 700, and the permissions of the private key on the local machine must be set to 600:
chmod 600 id_rsa
Otherwise the SSH server will deny the login.
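Because a permission mistake produces the same symptom as a missing key (you are asked for a password again, with no other error), it is worth checking the three rules from this section and Note 4 mechanically before re-doing the key exchange. The following POSIX shell functions, an added example rather than anything from the original article, audit a .ssh directory against those rules and apply the fixes the article lists. The names audit_ssh_dir and fix_ssh_dir, the directory and key-name parameters, and the messages are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit the permission rules
# from section 3 and Note 4 before suspecting the key exchange itself.
# The directory is a parameter so any user's .ssh (or a scratch copy) can
# be checked; the private key name defaults to id_rsa as in the article.

# audit_ssh_dir SSH_DIR [PRIVATE_KEY_NAME]
# Prints one "FIX:" line per problem and returns the number of problems
# found (0 means the layout matches the article's rules).
audit_ssh_dir() {
    dir=$1
    key="$dir/${2:-id_rsa}"
    ak="$dir/authorized_keys"
    problems=0

    # Rule 1: the .ssh directory must be exactly 700. sshd (StrictModes)
    # ignores authorized_keys in a directory other users could write to.
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist"; problems=$((problems + 1))
    elif [ -z "$(find "$dir" -prune -perm 0700)" ]; then
        echo "FIX: chmod 700 $dir"; problems=$((problems + 1))
    fi

    # Rule 2: the private key must be exactly 600 (owner read/write only);
    # the ssh client refuses to use a private key that others can read.
    if [ -f "$key" ] && [ -z "$(find "$key" -prune -perm 0600)" ]; then
        echo "FIX: chmod 600 $key"; problems=$((problems + 1))
    fi

    # Rule 3 (Note 4): authorized_keys may be 600 or 644, but must not carry
    # the group-write (020) or other-write (002) bit.
    if [ -f "$ak" ] && [ -n "$(find "$ak" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FIX: chmod go-w $ak"; problems=$((problems + 1))
    fi

    return "$problems"
}

# fix_ssh_dir SSH_DIR [PRIVATE_KEY_NAME]: apply the article's three chmods.
fix_ssh_dir() {
    dir=$1
    key="$dir/${2:-id_rsa}"
    chmod 700 "$dir"
    [ -f "$key" ] && chmod 600 "$key"
    [ -f "$dir/authorized_keys" ] && chmod go-w "$dir/authorized_keys"
    return 0
}

# Typical use on the machine that still asks for a password:
#   audit_ssh_dir ~/.ssh || fix_ssh_dir ~/.ssh
```

Run the audit on C (where authorized_keys lives) and on S (where the private key lives); each side only needs the rules that apply to the files it has, which is why the functions skip files that are absent rather than reporting them.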
Building trust between Linux servers, i.e. transferring files without a password